Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jenkins configuration and security issues

This is the first time I am using Jenkins and I have gone through several online articles but couldn’t find satisfactory answers. We have .Net project, and we are using private GitHub repository. Now I am trying to build CI server with Jenkins. Idea is to whenever developer push the code to GitHub we want to build the project on CI server. I have already installed Jenkins (v 1.646) and GitHub,Git and MSBuild Plugin on CI server. After working with Jenkins for last several hours i have now have several questions.

1> By default Jenkins runs on port 8080. But for continuous integration to work Jenkins must receive notification from GitHub. The port 8080 is by default blocked from the outside world, on CI server port 80 is open. I updated httpport in Jenkins.xml file so Jenkins is running on port 80.
I can access Jenkins from public internet and the web hook url is now http://ipaddress/github-webhook but this opens a big security hole because now anyone can access Jenskins. To solve this issue I have configured global security -> Project-based Matrix Authorization Strategy. So now only I can login and manage the projects. However any person can still type the IP address, land on Jenkins page and Create new user account. Ofcource that user cannot access anything but still it creates a new user in Jenkins’s database So is there a way to run Jenkins management on port 8080 as usual, but receive notification on port 80

2> On Jenkins’s System Configuration page I only see “Git” and “GitHub Plugin Configuration”. I do not see “GitHub Web Hook” option, and also I don’t see “Let Jenkins auto-manage hook URLs” has this changed in version 1.646

3> Since we are using private repository, our project URL is https://github.com/MyCompanyName/reponame and repository URL is https://github.com/MyCompanyName/reponame.git note that the url has company name not the username. But I see error Jenkins log

Failed to remove hook from GitHubRepositoryName[host=github.com,username=MyCompanyName,repository=reponame] java.lang.NullPointerException: There is no credentials with admin access to manage hooks on GitHubRepositoryName[host=github.com,username=MyCompanyName,repository=reponame] at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:231)

Why its trying to use companyname as username? I have setup proper user credentials and it was able to PULL the code.

like image 627
LP13 Avatar asked Jan 28 '16 08:01

LP13


People also ask

What type of security allows for configuration of different contexts in Jenkins?

Matrix-based security. This authorization scheme allows for granular control over which users and groups are able to perform which actions in the Jenkins environment (see the screenshot below).

On which two factors Jenkins security depends?

CLI (SSH and native)

What are the options for security in Jenkins?

Core Jenkins supports four security realms: delegate to servlet container, Jenkins's own user database, LDAP, and Unix user/group database. The "Unix user/group database" option uses Unix's PAM database to authenticate Jenkins users.


1 Answers

I'll add a second answer for other like me who stumbled here but couldn't fix it with the steps above:

1) Make sure to remove the trailling .git from your task SCM config enter image description here

2) Make sure that you have set an ip/domain in Jenkins that can be reached by Github, since this is what will be used to create the hooks in your repos. This might be set to loopback by default if you are running in a VM for example enter image description here

Results in this bad config in Github enter image description here

3) Restart Jenkins with http://your-jenkins-address:port/restart

like image 91
kuzyn Avatar answered Oct 19 '22 00:10

kuzyn